Exam SAP-C02
Question 359

A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys. The following user personas need to access the analytical solution to perform different actions:

• Administrator: Provisions the EMR cluster for the analytics team based on the team’s requirements

• Data engineer: Runs ETL scripts to process, transform, and enrich the datasets

• Data analyst: Runs SQL and Hive queries on the data

A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create.

Which solution will meet these requirements?

    Correct Answer: C

    Using AWS Service Catalog is the most appropriate solution to meet the requirements. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS, which ensures that only approved applications and configurations are deployed. It supports defining permissions for each user persona, ensuring they have least privilege access. It also enforces resource tagging, which is essential for managing and tracking resources effectively.

Discussion
career360guru Option: C

Option C. Option A does not provide control over deployment of resources and configurations.

awsamar Option: C

Keywords here are: "...only applications that are approved and authorized..." Only C provides this.

ayadmawla Option: A

A - IAM Roles define actions; Service Catalogue is about resources (EMR).

ayadmawla

It seems that I was wrong and C is the approach, as per: https://aws.amazon.com/blogs/big-data/build-a-self-service-environment-for-each-line-of-business-using-amazon-emr-and-aws-service-catalog/

JMAN1 Option: C

C because tagging is ensured by Service Catalogue.

PouyaK

Answer A - The answers from ChatGPT are inaccurate and untrustworthy.

shaaam80 Option: C

From GPT: AWS Service Catalog allows you to control and manage access to resources by defining portfolios and products with specific permissions. Allows you to create portfolios with approved and authorized applications, ensuring that only the specified applications are launched. AWS Service Catalog can enforce tagging on provisioned resources, ensuring that all resources created by the user personas are appropriately tagged.

heatblur Option: C

C is correct: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. This is ideal for controlling which Amazon EMR versions and cluster configurations are available to users. Specific cluster configurations and permissions can be set for each user persona, ensuring they have only the access they need. This meets the least privilege principle. The Service Catalog can be configured to allow users to launch only certain applications, ensuring adherence to company policies on approved and authorized software. It also supports resource tagging.

dutchy1988

It seems that AWS is upselling AWS Service Catalog here with this question. Some key parts in this question: 1. Least privilege access 2. Launch only approved and authorized applications 3. Ensure tagging.

dutchy1988

Due to point 3, all options with an AWS Config rule are out, since it only measures if you are compliant, so that means tagging is not ensured upfront. A and D are out! B doesn't fulfill the requirement for tagging and, even more, is Kerberos really helpful here?

dutchy1988

Leaves only C. Quote from https://aws.amazon.com/servicecatalog/: "Create, organize, and govern a curated catalog of AWS resources that can be shared at the permissions level so you can quickly provision approved cloud resources without needing direct access to the underlying AWS services." -> meets only allowed and authorized application launch. AutoTag fulfills the requirement to tag resources with creator -> aws:servicecatalog:provisioningPrincipalArn - The ARN of the provisioning principal (user) who created the provisioned product. This can only be AWS Service Catalog. And please stop seeding GPT answers! Do your own research.

gfhbox0083 Option: C

C, for sure. AWS Service Catalog ensures that all resources created are compliant with the organization's policies, including mandatory tagging.

vibzr2023

Selected Answer: C Option A: While IAM roles and identity-based policies offer user-level control, they lack the functionality for managing EMR deployment options and configurations centrally.

shaaam80

Please vote your answers rather than just commenting. It skews the vote % for someone who doesn't read all the comments.

devalenzuela86

A is correct. AWS: To ensure that all user personas have least privilege access to only the resources they need, can launch only approved and authorized applications, and ensure tagging for all resources that the user personas create, a solutions architect can consider the following steps: 1. IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. 2. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.

cypkir Option: C

Answer: C